Logstash query for IPs and GeoData

Blason · October 9, 2018, 5:11pm

Hi Team,

Here is my logstash config file and would like to know that how do I put a filter for IP addresses? *.out can contain domains, URLs, IP addresses or hashes.

So as soon as logstash sees IP addresses geo data has to be created.
Can someone please guide me?

input {

file {
path => "/opt/output/*.out"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => ["IOC","attack","Severity"]
}
}
output {
elasticsearch {
hosts => "http://172.xx.xx.xx:9200"
index => "logstash-iti-%{+YYYY.MM.dd}"
}
}

TIA
Blason R

Blason · October 10, 2018, 3:44am

Hi Team,

It may sound basic but honetly I am not getting any clue here as to how to parse the and check for IOC column and if that contains IP need to add GEO data.

system · November 7, 2018, 3:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash help with geoip mapping from csv file Logstash	5	1632	March 21, 2019
Logstash Setup with GeoIP Logstash	18	2282	October 9, 2019
Logstash filter for IP addresses Logstash	1	1513	November 15, 2017
Geoip.ip and private ip file Logstash	4	3337	February 23, 2017
DNS Filter And GeoIP can't see ip field Logstash	4	1146	September 1, 2018

Logstash query for IPs and GeoData

Related Topics